Monday, July 2, 2012

New Mac virus making the rounds


Image
Earlier this year, Macs around the world were infected by a malware called Flashback and it looks like there's another one on the way. Kaspersky Lab has now detected a malware that seems to be targeted at Uyghur activists using Macs. Kaspersky Lab is terming the attack as an APT (advanced persistent threat).
It appears the virus spreads via email. Victims get a mail with a zip file in it, the zip file contains a JPG image and a Mac OS X application. The application present in the zip file is a MaControl backdoor and it infects both i386 and PowerPC Macs.

Once the user runs the application, the virus is connected to a control server on the internet from which it is sent commands. Other operations such as listing and transferring files can also be done. Remote command orders can also be sent from the control server. Kaspersky detects the virus under the alias - Backdoor.OSX.MaControl.b.
New Mac virus making the rounds, uses MaControl backdoor
Kaspersky Lab has detected that the control server is located somewhere in China, based on the IP address that the backdoor virus contacts. There are also several spelling mistakes found in the comments and debug information. Kaspersky expects these kinds of APT attacks to increase on Macs. Apple’s products have been secure from worms, viruses and hackers, until now.
Earlier this year, a malware by the name of Flashback was found infecting Macs. Experts called it the worst security disaster to have hit Macs.
Almost 5,50,000 Macs were estimated to have been infected. The Flashback trojan was said to have been spreading around the world over a span of a few months. Its target was Macs and Macbooks running the OS X platform.
The US was said to have the the majority of all infected Macs with some 56.6 per cent of infections followed by Canada and the United Kingdom.

No comments:

Post a Comment